Arista
Products by Arista Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2024 there have been 0 vulnerabilities in Arista . Last year Arista had 2 security vulnerabilities published. Right now, Arista is on track to have less security vulnerabilities in 2024 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 2 | 7.30 |
2022 | 6 | 7.85 |
2021 | 4 | 4.40 |
2020 | 11 | 6.98 |
2019 | 5 | 6.64 |
2018 | 3 | 7.93 |
It may take a day or so for new Arista vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Arista Security Vulnerabilities
On affected versions of the CloudVision Portal improper access controls on the connection
CVE-2023-24546
8.1 - High
- June 13, 2023
On affected versions of the CloudVision Portal improper access controls on the connection from devices to CloudVision could enable a malicious actor with network access to CloudVision to get broader access to telemetry and configuration data within the system than intended. This advisory impacts the Arista CloudVision Portal product when run on-premise. It does not impact CloudVision as-a-Service.
AuthZ
On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request
CVE-2023-24512
6.5 - Medium
- April 25, 2023
On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. This situation occurs only when the Streaming Telemetry Agent (referred to as the TerminAttr agent) is enabled and gNMI access is configured on the agent. Note: This gNMI over the Streaming Telemetry Agent scenario is mostly commonly used when streaming to a 3rd party system and is not used by default when streaming to CloudVision
AuthZ
This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal (CVP) where under a certain set of conditions, user passwords
CVE-2022-29071
5.5 - Medium
- August 05, 2022
This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal (CVP) where under a certain set of conditions, user passwords can be leaked in the Audit and System logs. The impact of this vulnerability is that the CVP user login passwords might be leaked to other authenticated users.
Insertion of Sensitive Information into Log File
The impact of this vulnerability is
CVE-2021-28503
9.8 - Critical
- February 04, 2022
The impact of this vulnerability is that Arista's EOS eAPI may skip re-evaluating user credentials when certificate based authentication is used, which allows remote attackers to access the device via eAPI.
authentification
An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA APIs by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration.
CVE-2021-28500
7.8 - High
- January 14, 2022
An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA APIs by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration.
An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication which could potentially
CVE-2021-28506
9.1 - Critical
- January 14, 2022
An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication which could potentially allow a factory reset of the device.
Missing Authentication for Critical Function
An issue has recently been discovered in Arista EOS where, under certain conditions, the service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF might be bypassed
CVE-2021-28507
7.1 - High
- January 14, 2022
An issue has recently been discovered in Arista EOS where, under certain conditions, the service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF might be bypassed, which results in the denied requests being forwarded to the agent.
An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA APIs by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration.
CVE-2021-28501
7.8 - High
- January 14, 2022
An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA APIs by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration.
On systems running Arista EOS and CloudEOS with the affected release version
CVE-2021-28496
6.5 - Medium
- October 21, 2021
On systems running Arista EOS and CloudEOS with the affected release version, when using shared secret profiles the password configured for use by BiDirectional Forwarding Detection (BFD) will be leaked when displaying output over eAPI or other JSON outputs to other authenticated users on the device. The affected EOS Versions are: all releases in 4.22.x train, 4.23.9 and below releases in the 4.23.x train, 4.24.7 and below releases in the 4.24.x train, 4.25.4 and below releases in the 4.25.x train, 4.26.1 and below releases in the 4.26.x train
Insufficiently Protected Credentials
A flaw was found in dnsmasq before version 2.83
CVE-2020-25686
3.7 - Low
- January 20, 2021
A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to substantially reduce the number of attempts that it would have to perform to forge a reply and have it accepted by dnsmasq. This issue is mentioned in the "Birthday Attacks" section of RFC5452. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.
Improperly Implemented Security Check for Standard
A flaw was found in dnsmasq before version 2.83
CVE-2020-25684
3.7 - Low
- January 20, 2021
A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially reducing the number of attempts an attacker on the network would have to perform to forge a reply and get it accepted by dnsmasq. This issue contrasts with RFC5452, which specifies a query's attributes that all must be used to match a reply. This flaw allows an attacker to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25685 or CVE-2020-25686, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.
A flaw was found in dnsmasq before version 2.83
CVE-2020-25685
3.7 - Low
- January 20, 2021
A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash (CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is) this flaw allows an off-path attacker to find several different domains all having the same hash, substantially reducing the number of attempts they would have to perform to forge a reply and get it accepted by dnsmasq. This is in contrast with RFC5452, which specifies that the query name is one of the attributes of a query that must be used to match a reply. This flaw could be abused to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25684 the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.
Inadequate Encryption Strength
Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F
CVE-2020-15897
7.5 - High
- October 26, 2020
Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause traffic loss or incorrect forwarding of traffic via a malformed link-state PDU to the IS-IS router.
Aristas CloudVision eXchange (CVX) server before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F
CVE-2020-13100
7.5 - High
- October 26, 2020
Aristas CloudVision eXchange (CVX) server before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service (crash and restart) in the ControllerOob agent via a malformed control-plane packet.
Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F
CVE-2020-17355
7.5 - High
- October 21, 2020
Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service (restart of agents) by crafting a malformed DHCP packet which leads to an incorrect route being installed.
A vulnerability in Aristas CloudVision Portal (CVP) prior to 2020.2
CVE-2020-24333
6.5 - Medium
- September 22, 2020
A vulnerability in Aristas CloudVision Portal (CVP) prior to 2020.2 allows users with read-only or greater access rights to the Configlet Management module to download files not intended for access, located on the CVP server, by accessing a specific API.
authentification
In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged
CVE-2020-13881
7.5 - High
- June 06, 2020
In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used.
Insertion of Sensitive Information into Log File
An issue was found in Arista EOS
CVE-2019-18948
7.5 - High
- April 16, 2020
An issue was found in Arista EOS. Specific malformed ARP packets can impact the software forwarding of VxLAN packets. This issue is found in Aristas EOS VxLAN code, which can allow attackers to crash the VxlanSwFwd agent. This affects EOS 4.21.8M and below releases in the 4.21.x train, 4.22.3M and below releases in the 4.22.x train, 4.23.1F and below releases in the 4.23.x train, and all releases in 4.15, 4.16, 4.17, 4.18, 4.19, 4.20 code train.
Improper Input Validation
utility.c in telnetd in netkit telnet through 0.17
CVE-2020-10188
9.8 - Critical
- March 06, 2020
utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.
Classic Buffer Overflow
The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which
CVE-2015-6815
3.5 - Low
- January 31, 2020
The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.
Infinite Loop
The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1
CVE-2015-5278
6.5 - Medium
- January 23, 2020
The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.
Infinite Loop
Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0
CVE-2015-5745
6.5 - Medium
- January 23, 2020
Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message.
Classic Buffer Overflow
Integer overflow in the VNC display driver in QEMU before 2.1.0
CVE-2015-5239
6.5 - Medium
- January 23, 2020
Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.
Infinite Loop
In CloudVision Portal all releases in the 2018.1 and 2018.2 Code train
CVE-2019-18181
7.8 - High
- December 19, 2019
In CloudVision Portal all releases in the 2018.1 and 2018.2 Code train allows users with read-only permissions to bypass permissions for restricted functionality via CVP API calls through the Configlet Builder modules. This vulnerability can potentially enable authenticated users with read-only access to take actions that are otherwise restricted in the GUI.
In CloudVision Portal (CVP) for all releases in the 2018.2 Train
CVE-2019-18615
4.9 - Medium
- December 19, 2019
In CloudVision Portal (CVP) for all releases in the 2018.2 Train, under certain conditions, the application logs user passwords in plain text for certain API calls, potentially leading to user password exposure. This only affects CVP environments where: 1. Devices have enable mode passwords which are different from the user's login password, OR 2. There are configlet builders that use the Device class and specify username and password explicitly Application logs are not accessible or visible from the CVP GUI. Application logs can only be read by authorized users with privileged access to the VM hosting the CVP application.
Insufficiently Protected Credentials
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key
CVE-2019-17596
7.5 - High
- October 24, 2019
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.
Interpretation Conflict
Arista CloudVision Portal through 2018.1.1 has Incorrect Permissions.
CVE-2018-12357
6.5 - Medium
- August 15, 2019
Arista CloudVision Portal through 2018.1.1 has Incorrect Permissions.
Incorrect Permission Assignment for Critical Resource
Arista EOS through 4.21.0F
CVE-2018-14008
6.5 - Medium
- August 15, 2019
Arista EOS through 4.21.0F allows a crash because 802.1x authentication is mishandled.
authentification
Arista EOS before 4.20.2F
CVE-2018-5254
7.5 - High
- April 12, 2018
Arista EOS before 4.20.2F allows remote BGP peers to cause a denial of service (Rib agent restart) via a malformed path attribute in an UPDATE message.
Communication Channel Errors
The Mlag agent in Arista EOS 4.19 before 4.19.4M and 4.20 before 4.20.2F
CVE-2018-5255
6.5 - Medium
- March 05, 2018
The Mlag agent in Arista EOS 4.19 before 4.19.4M and 4.20 before 4.20.2F allows remote attackers to cause a denial of service (agent restart) via crafted UDP packets.
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36
CVE-2017-18017
9.8 - Critical
- January 03, 2018
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.
Dangling pointer
Heap-based buffer overflow in dnsmasq before 2.78
CVE-2017-14491
9.8 - Critical
- October 04, 2017
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.
Memory Corruption
hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which
CVE-2015-6855
7.5 - High
- November 06, 2015
hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash.
Divide By Zero
The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might
CVE-2015-3214
- August 31, 2015
The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.
Buffer Overflow
The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier
CVE-2015-5165
- August 12, 2015
The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.
Use of Uninitialized Resource
Heap-based buffer overflow in the PCNET controller in QEMU
CVE-2015-3209
- June 15, 2015
Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.
Memory Corruption